Storm's premature invitation

Some things arrive way too early. This time, it’s the Storm worm.

The Storm gang is starting early on the Valentine’s day theme, and we are receiving emails from these affectionate souls, trying to deliver “withlove.exe“, and other malicious vday themed executable names to our systems.

This campaign includes familiar and consistent characteristics. An email will arrive with a cute statement related to the theme, inviting a user to visit a hyperlink containing an ip address. The destination web site will attempt to exploit the visitor’s system, and if it can’t, the page provides a download link for the executable:

The authors of this one must be planning on some Valentine’s day Mexican cuisine. We’ve seen it dropping files like “burito.ini” and “burito5e84-1216.sys”, before killing AV products and adding the victim host to its huge botnet.

Last year’s massive Storm outbreak pushed romantic subject lines such as “Sending You My Love” and “You’re the One”. While “With love”, “I Would Dream”, and “Memories of You” isn’t all that much of a change, it’s a small twist. Nicolas Albright made a fairly safe prediction that this upcoming holiday would be the next target:
“The DISOG team is placing bets on the next rouse. I say adult rated material for February 14th (St. Valentines Day).”

I’m sure he’ll have another interesting post about this variant.

This entry was posted in Online Fraud. Bookmark the permalink.

One Response to Storm's premature invitation

  1. mattky says:

    I recieved an email from tina.fowler@pdainc.com titled “The Rose”, because it is a valid company I opened it.IT read “sending you ALL my love” followed by a click on address that showed a lacy heart.
    Is this a worm of some sort or a legit email from this person?

Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>